Florida Researchers Expose Image-Based AI Jailbreak Vulnerabilities

Hadi Amini, an associate professor at the Knight Foundation School of Computing and Information Sciences, and graduate assistant Md Jueal Mia developed a technique called JaiLIP—short for Jailbreaking with Loss-guided Image Perturbation. By using algorithms to introduce precise, invisible changes to images, the team successfully pushed AI models to output restricted information. During tests on the BLIP-2 model, these manipulated images nearly doubled the frequency of unsafe responses, including providing instructions on how to evade traffic laws.

Small-language models, frequently utilized by businesses for accounting and customer support, proved particularly vulnerable to these attacks. The researchers presented their findings at the 2025 International Conference on Machine Learning and Applications, arguing that these vulnerabilities represent a significant risk as corporate reliance on automated workflows grows. Amini suggests that organizations must restrict the sensitive data fed into AI systems and rigorously evaluate security protocols before deployment. By intentionally breaking these guardrails, the team aims to build more resilient defenses, teaching AI to recognize threats that remain invisible to the human eye.